﻿<!--#include file="filter.asp"-->
<%
  dim conn
 set conn=Server.CreateObject("ADODB.Connection")
conn.Open "driver={sql server};Server=.;Uid=sa;Pwd=123456;Database=17daigou"

 	If Err Then
		err.Clear
		Set Conn = Nothing
		Response.Write "数据库连接出错，请检查连接字串。"'注释，需要把这几个字翻译成英文。
		Response.End
	End If
	
dim qs,errc,iii
qs=request.servervariables("query_string")
qs=LCase(qs)
dim nothis(17)
nothis(0)="net user"
nothis(1)="xp_cmdshell"
nothis(2)="/add"
nothis(3)="exec%20master.dbo.xp_cmdshell"
nothis(4)="net localgroup administrators"
nothis(5)="select"
nothis(6)="count"
nothis(7)="asc"
nothis(8)="char"
nothis(9)="mid"
nothis(10)="'"
nothis(11)=":"
nothis(12)=""""
nothis(13)="insert"
nothis(14)="delete"
nothis(15)="drop"
nothis(16)="truncate"
nothis(17)="from"
errc=false
for iii= 0 to ubound(nothis)
if instr(qs,nothis(iii))<>0 then
errc=true
end if
next

if errc then
response.write "<script language=""javascript"">"
response.write "alert('非法操作!您提交了错误的信息...');"
response.write "window.history.back();"
response.write "</script>"
response.end
end if

sub delfile(fpaths,furl)
       dim filepaths,objFSO
       if len(furl)>8 then
	   Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
       filepaths=Server.MapPath(""&fpaths&furl&"")
       if objFSO.fileExists(filepaths) then
          objFSO.DeleteFile(filepaths)
       end if
	   end if
end sub

'读取api密钥
set rsapi=server.CreateObject("adodb.recordset")
sql="select * from API where type=1"
rsapi.open sql,conn,1,3
if not rsapi.eof then
do while not rsapi.eof 
'日本雅虎代购
if rsapi("webtype")=1 then
yahoo_daigou_apiid=rsapi("key")
yahoo_daigou_apisecret=rsapi("secret")
end if
'日本雅虎代拍
if rsapi("webtype")=2 then
yahoo_daipai_apiid=rsapi("key")
yahoo_daipai_apisecret=rsapi("secret")
end if
'日本乐天
if rsapi("webtype")=3 then
letian_daigou_apiid=rsapi("key")
letian_daigou_apisecret=rsapi("secret")
end if
'日本亚马逊
if rsapi("webtype")=4 then
amazon_daigou_nick=rsapi("nick")
amazon_daigou_apiid=rsapi("key")
amazon_daigou_apisecret=rsapi("secret")
end if
rsapi.movenext
loop
rsapi.close
set rsapi=nothing
end if	





'读取api使用次数
set rss=server.CreateObject("adodb.recordset")
sql="select * from base"
rss.open sql,conn,1,3
if not rss.eof then
auctions_title=rss("auctions_title")
auctions_key=rss("auctions_key")
auctions_desc=rss("auctions_desc")
shopping_title=rss("shopping_title")
shopping_key=rss("shopping_key")
shopping_desc=rss("shopping_desc")
transport_title=rss("transport_title")
transport_key=rss("transport_key")
transport_desc=rss("transport_desc")
web_title=rss("title")
web_key=rss("key")
web_desc=rss("desc")
web_rate=cdbl(rss("rate"))
web_qq=rss("qq")
web_wangwang=rss("wangwang")
web_Copyright=rss("Copyright")
web_tel=rss("tel")
web_mobile=rss("mobile")
web_worktime=rss("worktime")
web_Address=rss("Address")
web_FreeSaveDate=rss("FreeSaveDate")
web_CreditMargin=rss("CreditMargin")
web_RemittanceCost=rss("RemittanceCost")
web_TransportCost=rss("TransportCost")
web_chat=rss("chat")
web_Clause=rss("Clause")
web_cookie=rss("cookie")
web_bidsUrl=rss("bidsUrl")
web_TopUrl=rss("TopUrl")
rss.close
set rss=nothing
end if
%>